We’ll only use your personal data on relevant lawful grounds as permitted by: (a) the European Union General Data Protection Regulation (Regulation (EU) 2016/679) as adopted into and amended for the purpose of UK law; (b) the Data Protection Act 2018; and (c) Electronic Communications Regulations 2003 (as amended from time to time).
This policy covers:
- Who runs The Royal Parks’ Half Marathon?
- What personal data do we collect?
- How we use your personal data?
- Disclosure of personal data to third parties
- Your rights as a data subject
- Links to third party websites
- Where do we process your personal data?
- Notification of changes
The Royal Parks’ Half Marathon is organised by The Royal Parks Limited, with assistance from LimeLight Sports Limited.
In this policy, whenever you see the words ‘The Royal Parks’, 'THE ROYAL PARKS' ‘we’, ‘us’, ‘our’, it refers to The Royal Parks Limited. Whenever you see the words LimeLight, it refers to LimeLight Sports Limited. Whenever you see the words “the event”, it refers to The Royal Parks’ Half Marathon.
The Royal Parks Limited is a charity created in March 2017 and officially launched in July 2017 to support and manage 5,000 acres of Royal parkland across London.
If you would like to contact us about this privacy notice or how we use your personal data, please contact us at:
The Old Police House
Telephone: +44 (0)300 061 2000
The Royal Parks is the data controller of the personal data we process, unless otherwise stated.
Your personal data is any information which identifies you, or which can be identified as relating to you personally. We’ll only collect the personal data that we need to allow you to participate in the event.
We collect some or all of the following personal data from you when you register to participate in the event and when you participate in the event:
- Email address
- Telephone number
- Date of birth
- Emergency contact information
We will also collect the following special category of data from you:
- Medical information relevant to your participation in the event.
If you do not provide all the information required, we will not be able to process your registration or allow you to participate in the event.
If you register as part of a team, some of the above information may be provided to us by a member of your team on your behalf to allow us to contact you to complete your event registration.
Personal data provided to us will be used for the purpose or purposes outlined in any privacy notice in a transparent manner at the time of collection or registration where appropriate. If asked by regulatory or government authorities investigating suspected illegal activities, we may need to provide your personal data.
Your personal data will be collected and processed:
- To provide our services to you in connection with the event, including to:
- Confirm and verify your identify
- Administer the event and enable you to participate in the event
- Contact you regarding details for the event
- For our legitimate interests in promoting the event and similar future events.
- To satisfy our legal, accounting or reporting requirements.
We process special categories of personal data (including data concerning your health) where this is necessary to protect your health or vital interests.
If you consent to hearing from us in the future, we will store your personal data and contact you by email or SMS to let you know about future events we hold. You have the right to ask us not to process your personal data for marketing purposes at any time. You can exercise this right by unsubscribing from marketing emails you receive or by contacting us at the address set out above.
We will hold and process your personal data for a maximum of five years from your last engagement with us, before removing it from our systems. If you want us to stop processing your personal data before this time, please contact us.
We do not currently use automated decision-making including profiling.
We may share your personal data with the following third parties who perform services on our behalf in connection with the event:
- If you register for the event as part of a team, a designated leader or contact person for your team to enable them to complete your registration
- LimeLight Sports, which organises the event for us as well as their selected suppliers who complete the following services:
- Fulfilment suppliers for fulfilment of your event race pack
- The event’s medical supplier, in connection with any medical assistance given to you in relation to the event
- The timing and scoring provider, to enable them to process timing chips for the event
- The official event photography company in connection with event photography.
- Law enforcement agencies and regulators where we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, or where we reasonably consider that this is necessary to help prevent or detect fraud or other crime or to protect the rights, property or safety of us, participants or other individuals.
- If you purchase event merchandise as part of your registration process (including iTabs, pace pockets, and apparel), we will need to share your personal data with our vendors in order to fulfil your order.
- Any other third party where you have consented to such disclosure.
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email firstname.lastname@example.org or use the information supplied in the About Us section above. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:
The right of access - You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
The right to data portability - This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. This right only applies if we are processing information based on your consent or under contract and the processing is automated.
The right to object - You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.
The right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
The right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
The right to erasure - You have the right to ask us to erase your personal information in certain circumstances. We will take all reasonable steps to ensure that we erase the data.
Rights related automated decision-making including profiling – You have rights surrounding our use of automated decision-making and profiling. You can object to us using your personal data in such a way at any time.
We will confirm that we have updated, ported, erased, provided or amended your personal data as requested within one month of receipt of your request. If we are unable to meet your request or require an extension to meet the request we will inform you within one month.
If we are processing your personal data with your consent, then you have the right to withdraw that consent at any time and we will cease processing your personal data without undue delay.
A 'cookie' is a small text file that is placed on a user's computer hard drive by a website. There are several types of cookie and the most common are often referred to as 'session' cookies. These are used to keep track of information needed by a user as they travel from page to page within a website. These cookies have a short lifetime and expire within a few minutes of the user leaving the site.
Other types of cookies can be used to track internet activity after the user has left a website. These are either sponsored by organisations external to the website being visited (known as 'third party' cookies) or can originate from the website organisation itself ('first party' cookies). These usually have a long lifetime with several months being quite common. They are 'harvested' and 'refreshed' whenever the user visits a page where the same or a similar cookie is being used.
This website uses benign, short lived 'session' cookies and 'first party' cookies to tell whether a website user has logged-in, where to find details that can be used to pre-fill parts of on-line forms and to personalise the user's visit to the website. They are also used to track anonymously which areas of the site are popular and which are not used; this allows us to target carefully our website resources.
We recognise the need to ensure that personal information gathered via this website remains secure. We use industry standard Secure Server Software (SSL) for your transactions with us to protect against the loss, misuse and alteration of the personal information under our control. It encrypts all of your personal information, including credit card number, name, and address, so that it cannot be read as the information travels over the Internet. However, you acknowledge that although we exercise adequate care and security there remains a risk that information transmitted over the Internet and stored by computer may be intercepted or accessed by an unauthorised third party.
When personal data is stored on The Royal Parks’ systems we take every care to ensure the security of your personal data. Its information systems are adequately and appropriately protected, by the implementation and maintenance of security controls, against threats to the systems. The implemented security controls are appropriate to the measures of risks and the value of assets, and implemented, used and where relevant tested, correctly, through information security compliance (audit) reviews, to ensure that the required level of security is maintained.
One of our current service providers, Marathon Photos, has offices located outside the UK. The personal data that they process on our behalf may be transferred to New Zealand. New Zealand has an adequacy finding, and as such is considered to offer an equivalent standard of protection for personal data as information in the UK.
The provider of the App, District Technologies, is based in Singapore. Any personal data that they process may be transferred to Singapore, which does not have an ICO adequacy finding. Accordingly, the transfer of your personal data to District Technologies will be subject to standard data protection contractual clauses, which place certain contractual obligations on both the Event Organiser and District Technologies in relation to the transfer of your personal data outside of the UK.
Unless we specifically inform you otherwise, your personal data will only be processed within the UK.
We may update this policy at any time without notice. Any changes to this policy will be notified by an announcement on this website. Your continued use of this website, following the posting of changes to this policy, will mean you accept these changes.
Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the United Kingdom, this is the Information Commissioner’s Office (ICO). Its contact information can be found at https://ico.org.uk/global/contact-us/.